﻿using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

using System.Data.SqlClient; 

namespace LOGIN
{
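    /// <summary>
    /// Login window: checks the entered user id and password against the
    /// <c>Manager</c> table and, on success, records the signed-in user on
    /// <c>ordersHelper</c> and shows the <c>Main</c> form.
    /// </summary>
    public partial class Form1 : Form
    {
        /// <summary>Creates the form and builds its designer-generated controls.</summary>
        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Makes the three labels transparent and points the skin engine at
        /// <c>RealOne.ssk</c> in the application start-up directory.
        /// </summary>
        private void Form1_Load(object sender, EventArgs e)
        {
            label1.BackColor = Color.Transparent;
            label2.BackColor = Color.Transparent;
            label3.BackColor = Color.Transparent;
            skinEngine1.SkinFile = Application.StartupPath + @"\RealOne.ssk";
        }

        /// <summary>
        /// Handles the login button: authenticates against <c>Manager</c> and
        /// either opens the main window or asks the user to retry.
        /// </summary>
        /// <remarks>
        /// Database errors (for example a failed connection) are not caught
        /// here and propagate to the caller, as before.
        /// </remarks>
        private void login_Click(object sender, EventArgs e)
        {
            string userId = this.UserID.Text.Trim();

            // NOTE(security): trimming a password changes the secret the user
            // typed (leading/trailing spaces are dropped). Kept because the
            // stored hashes may have been created from trimmed input; confirm
            // against the account-creation code before removing it.
            string password = this.Password.Text.Trim();

            // Credentials and profile are read in ONE statement. Previously a
            // COUNT query checked UserID + password and a second query then
            // fetched the profile by UserID alone, so if UserID is not unique
            // in Manager the RoleID/UserName of a different row could be
            // loaded for the session.
            //
            // NOTE(security): HASHBYTES('MD5', ...) is an unsalted, fast
            // digest; hashes stored this way are cheap to recover offline if
            // the Manager table leaks. Moving to a salted, slow KDF (e.g.
            // PBKDF2) requires a data migration and is not attempted here.
            DataTable matches = new DataTable();
            using (SqlConnection sqlConnection = new SqlConnection(
                "Server=(local);Database=MyHospital;Integrated Security=sspi"))
            using (SqlCommand sqlCommand = sqlConnection.CreateCommand())
            using (SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sqlCommand))
            {
                sqlCommand.CommandText =
                    "SELECT UserID,RoleID,UserName FROM Manager " +
                    "WHERE UserID=@UserID AND Password=HASHBYTES('MD5',@Password);";

                // Char (not NChar) is deliberate: HASHBYTES hashes the raw
                // bytes, so the parameter type must stay what it was for the
                // digest to match the stored value.
                sqlCommand.Parameters.Add("@UserID", SqlDbType.Char).Value = userId;
                sqlCommand.Parameters.Add("@Password", SqlDbType.Char).Value = password;

                // Fill opens the connection and closes it again; the using
                // blocks release everything even when the query throws.
                sqlDataAdapter.Fill(matches);
            }

            // Exactly one matching row is required, as with the former
            // COUNT(1) == 1 check.
            if (matches.Rows.Count != 1)
            {
                // NOTE(review): failed attempts are neither counted nor
                // logged here, so repeated guessing is not slowed down.
                MessageBox.Show("用户号/密码有误，请重新输入！");
                this.Password.Focus();
                this.Password.SelectAll();
                return;
            }

            DataRow account = matches.Rows[0];

            // Store the same trimmed id that was authenticated, not the raw
            // text box content.
            ordersHelper.UserID = userId;
            ordersHelper.UserName = Convert.ToString(account["UserName"]);
            ordersHelper.RoleID = Convert.ToString(account["RoleID"]);

            MessageBox.Show("登录成功。");
            this.Hide();
            Main f = new Main();
            f.Show();
        }
    }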
}
